tpm: Added support for TPM emulator

This change introduces a new TPM backend driver that can communicate with swtpm(software TPM emulator) using unix domain socket interface. QEMU talks to the TPM emulator using QEMU's socket-based chardev backend device. Swtpm uses two Unix sockets for communications, one for plain TPM commands and responses, and one for out-of-band control messages. QEMU passes the data socket to be used over the control channel. The swtpm and associated tools can be found here: https://github.com/stefanberger/swtpm The swtpm's control channel protocol specification can be found here: https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification Usage: # setup TPM state directory mkdir /tmp/mytpm chown -R tss:root /tmp/mytpm /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek # Ask qemu to use TPM emulator with given tpm state directory qemu-system-x86_64 \ [...] \ -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis,tpmdev=tpm0 \ [...] Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
qemu · Oct 13, 2017 · f4ede81 · f4ede81
1 parent 4a3d809
commit f4ede81
Show file tree

Hide file tree

Showing 7 changed files with 888 additions and 7 deletions.
diff --git a/configure b/configure
@@ -3495,6 +3495,12 @@ else
   tpm_passthrough=no
 fi
 
+# TPM emulator is for all posix systems
+if test "$mingw32" != "yes"; then
+  tpm_emulator=$tpm
+else
+  tpm_emulator=no
+fi
 ##########################################
 # attr probe
 
@@ -5412,6 +5418,7 @@ echo "gcov enabled      $gcov"
 echo "TPM support       $tpm"
 echo "libssh2 support   $libssh2"
 echo "TPM passthrough   $tpm_passthrough"
+echo "TPM emulator      $tpm_emulator"
 echo "QOM debugging     $qom_cast_debug"
 echo "Live block migration $live_block_migration"
 echo "lzo support       $lzo"
@@ -6011,12 +6018,16 @@ if test "$live_block_migration" = "yes" ; then
   echo "CONFIG_LIVE_BLOCK_MIGRATION=y" >> $config_host_mak
 fi
 
-# TPM passthrough support?
 if test "$tpm" = "yes"; then
   echo 'CONFIG_TPM=$(CONFIG_SOFTMMU)' >> $config_host_mak
+  # TPM passthrough support?
   if test "$tpm_passthrough" = "yes"; then
     echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak
   fi
+  # TPM emulator support?
+  if test "$tpm_emulator" = "yes"; then
+    echo "CONFIG_TPM_EMULATOR=y" >> $config_host_mak
+  fi
 fi
 
 echo "TRACE_BACKENDS=$trace_backends" >> $config_host_mak

diff --git a/hmp.c b/hmp.c
@@ -1000,6 +1000,7 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
     Error *err = NULL;
     unsigned int c = 0;
     TPMPassthroughOptions *tpo;
+    TPMEmulatorOptions *teo;
 
     info_list = qmp_query_tpm(&err);
     if (err) {
@@ -1029,6 +1030,10 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
                            tpo->has_cancel_path ? ",cancel-path=" : "",
                            tpo->has_cancel_path ? tpo->cancel_path : "");
             break;
+        case TPM_TYPE_OPTIONS_KIND_EMULATOR:
+            teo = ti->options->u.emulator.data;
+            monitor_printf(mon, ",chardev=%s", teo->chardev);
+            break;
         case TPM_TYPE_OPTIONS_KIND__MAX:
             break;
         }

diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
@@ -1,2 +1,3 @@
 common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
+common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o tpm_util.o